This topic introduces the terms related to Resource Management.

Resource Management

resource directory

Alibaba Cloud provides resource directories for enterprise customers to manage relationships among a number of accounts.

A resource directory enables you to establish an organizational structure quickly based on your business. Then, you can consolidate the accounts of your enterprise into this structure to form a hierarchy for resources. This way, your enterprise can manage accounts and resources in a centralized manner. The resource directory can meet your management requirements on network deployment, settlement, user permissions, security compliance, and log auditing.

resource group

You can sort resources owned by your Alibaba Cloud account into various resource groups. This simplifies resource and permission management under your Alibaba Cloud account.


A folder is an organizational unit in a resource directory. A folder may indicate a branch, line of business, or project of an enterprise. Each folder can contain member accounts and child folders to form a tree-shaped organizational structure.

root folder

A root folder is the parent folder of all the other folders in a resource directory. These folders are organized in a hierarchy that starts from the root folder.

master account

A master account is the account used to enable a resource directory and is the super administrator of the resource directory. The master account has administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a master account. Each resource directory has only one master account.

To ensure the security of the master account, we recommend that you create an Alibaba Cloud account and use this account as the master account.

Note A master account does not belong to any resource directory and is not limited by the management policies of its resource directory.

member account

A member account is an Alibaba Cloud account. It serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources under different member accounts are isolated.

The following types of member accounts are supported:

  • Resource account

    We recommend that you use resource accounts in a resource directory. By default, root permissions are not allowed for resource accounts. Therefore, resource accounts are secure. You can use a master account to authorize RAM users, user groups, or roles to access the resources under resource accounts.

  • Cloud account

    A cloud account has all the features of an Alibaba Cloud account, including root permissions. When you create a cloud account in a resource directory, you need to use a new email address as the logon name of the cloud account. For more information, see Create a member account. You can use a master account to authorize RAM users, user groups, or roles to access the resources under cloud accounts.


    If you want to use a created cloud account to log on to Alibaba Cloud, you need to first retrieve the account password.

Alibaba Cloud account

An Alibaba Cloud account serves as a unique ID for you to access, purchase, and manage resources on Alibaba Cloud. The account is also a resource container and a capital account. It identifies a user and represents an identity.

Essentially, the master account and member accounts of a resource directory are Alibaba Cloud accounts. However, the member accounts are Alibaba Cloud accounts that only serve as resource containers. After you consolidate the accounts of your enterprise into a resource directory, you can also manage the users and funds under these accounts in a centralized manner.